Pentesting Active Directory and Windows-based Infrastructure: A comprehensive practical guide to penetration testing Microsoft infrastructure 281534

Паперова книга
281534
Pentesting Active Directory and Windows-based Infrastructure: A comprehensive practical guide to penetration testing Microsoft infrastructure - фото 1
  • ISBN
    978-1804611364
  • Видавництво
  • Автор
  • Рік
    2023
  • Мова
    Англійська
  • Ілюстрації
    Чорно-білі
1'700
Купити

Все про “Pentesting Active Directory and Windows-based Infrastructure: A comprehensive practical guide to penetration testing Microsoft infrastructure”

Від видавця

Enhance your skill set to pentest against real-world Microsoft infrastructure with hands-on exercises and by following attack/detect guidelines with OpSec considerations

Key Features
  • Find out how to attack real-life Microsoft infrastructure
  • Discover how to detect adversary activities and remediate your environment
  • Apply the knowledge you've gained by working on hands-on exercises
Book Description
This book teaches you the tactics and techniques used to attack a Windows-based environment, along with showing you how to detect malicious activities and remediate misconfigurations and vulnerabilities.

You'll begin by deploying your lab, where every technique can be replicated. The chapters help you master every step of the attack kill chain and put new knowledge into practice. You'll discover how to evade defense of common built-in security mechanisms, such as AMSI, AppLocker, and Sysmon; perform reconnaissance and discovery activities in the domain environment by using common protocols and tools; and harvest domain-wide credentials. You'll also learn how to move laterally by blending into the environment's traffic to stay under radar, escalate privileges inside the domain and across the forest, and achieve persistence at the domain level and on the domain controller. Every chapter discusses OpSec considerations for each technique, and you'll apply this kill chain to perform the security assessment of other Microsoft products and services, such as Exchange, SQL Server, and SCCM.

By the end of this book, you'll be able to perform a full-fledged security assessment of the Microsoft environment, detect malicious activity in your network, and guide IT engineers on remediation steps to improve the security posture of the company.

What you will learn
  • Understand and adopt the Microsoft infrastructure kill chain methodology
  • Attack Windows services, such as Active Directory, Exchange, WSUS, SCCM, AD CS, and SQL Server
  • Disappear from the defender's eyesight by tampering with defensive capabilities
  • Upskill yourself in offensive OpSec to stay under the radar
  • Find out how to detect adversary activities in your Windows environment
  • Get to grips with the steps needed to remediate misconfigurations
  • Prepare yourself for real-life scenarios by getting hands-on experience with exercises
Who this book is for
This book is for pentesters and red teamers, security and IT engineers, as well as blue teamers and incident responders interested in Windows infrastructure security. The book is packed with practical examples, tooling, and attack-defense guidelines to help you assess and improve the security of your real-life environments. To get the most out of this book, you should have basic knowledge of Windows services and Active Directory.

About the Author
Denis Isakov is a passionate security professional with 10+ years of experience ranging from incident response to penetration testing. He worked in various industries, including banking and consultancy. Denis is specialized in offensive security with particular focus on Active Directory and adversary malware. He has earned a Master's degree in Information Systems and Technologies in 2012. Additionally, Denis has achieved an array of industry certifications ranging from OSCP to GXPN. Outside of computers, Denis enjoys sports and discovering new places.

Зміст

Table of Contents
  1. Getting the Lab Ready and Attacking Exchange Server
  2. Defense Evasion
  3. Domain Reconnaissance and Discovery
  4. Credential Access in Domain
  5. Lateral Movement in Domain and Across Forests
  6. Domain Privilege Escalation
  7. Persistence on Domain Level
  8. Abusing Active Directory Certificate Services
  9. Compromising Microsoft SQL Server
  10. Taking over WSUS and SCCM

Рецензії

0

Всі характеристики

  • Видавництво
  • Автор
  • Категорія
  • Рік
    2023
  • Сторінок
    360
  • Формат
    185х235 мм
  • Обкладинка
    М'яка
  • Тип паперу
    Офсетний
  • Мова
    Англійська
  • Ілюстрації
    Чорно-білі

Товар входить до категорії

  • Безкоштовна доставка в поштомат від 850 ₴
Схожі товари
Хаос-инжиниринг
128564
Кейси РозентальНора Джонс
992 ₴1'240 ₴
Introduction to Software Testing: A Practical Guide to Testing, Design, Automation, and Execution 1st ed. Edition
270253
Panagiotis Leloudas
1'300 ₴
Безупинне розгортання ПО: автоматизація процесів складання, тестування і впровадження нових версій програм (Signature Series)
6119
Дейвид ФарлиДжез Хамбл
1'500 ₴
Complete Guide to Test Automation: Techniques, Practices, and Patterns for Building and Maintaining Effective Software Projects 1st ed. Edition
159042
Arnon Axelrod
1'500 ₴
Modern Software Testing Techniques: A Practical Guide for Developers and Testers 1st ed. Edition
275551
Istvan ForgacsAttila Kovacs
1'560 ₴
The Art of Unit Testing, Third Edition: with examples in JavaScript 3rd ed. Edition
272100
Roy OsheroveVladimir Khorikov
1'600 ₴
Full Stack Testing. A Practical Guide for Delivering High Quality Software
197677
Gayathri Mohan
1'700 ₴
Mastering Financial Pattern Recognition: Finding and Back-Testing Candlestick Patterns with Python 1st Edition
269650
Sofien Kaabar
1'900 ₴
Advanced Software Testing - Vol. 3, 2nd Edition. Guide to the ISTQB Advanced Certification as an Advanced Technical Test Analyst 2nd Edition
40334
Jamie L Mitchell, Rex Black
2'450 ₴